Method for transmitting encrypted user data objects

ABSTRACT

The present invention relates to a method for handling or transmitting encrypted user data objects. According to such method, a data preparation component (D) of a data preparation system provides user data objects. The data preparation component first encrypts a user data object that has been prepared. It then determines a checksum of the encrypted user data object and creates a container data object (DCF), in which the encrypted user data object and the determined checksum are provided. The container data object is subsequently transmitted to a first telecommunications device (A). Preferably, in order to use the encrypted user data object, the data preparation component (D) transmits descriptive information (BI1) containing a description of the possible usage rights for the encrypted user data object to the telecommunications device (A). After the selection of a specific rights object (RO), the data preparation device first transmits a confirmation object (DCFV) to the telecommunication device in order to verify the compatibility of the desired rights object and the encrypted user data object provided in the telecommunication device and if said verification is successful, subsequently transmits the rights object (RO) to the telecommunications device (A).

BACKGROUND OF THE INVENTION

The present invention relates to a method for handling (in particular, transmitting) encrypted user data objects which are provided by a data provisioning component and transmitted to a telecommunications device such as, for example, a mobile phone. Specifically, the present invention relates to a method which enables a user of the telecommunications device to download different rights or rights objects from the data provisioning component to the telecommunications device in return for an appropriate charge.

A method or, as the case may be, a service for reliable and accountable downloading of user data objects to a telecommunications device, in particular in the embodiment of a mobile radio device or mobile phone, in a data communications network is currently under discussion. In a proposed scheme, the downloading of the user data objects to the mobile radio device is intended to be implemented via a protocol specified by the WAP Forum (WAP: Wireless Application Protocol) or an Internet protocol (e.g., Hypertext Transfer Protocol: HTTP). The downloading service is specified here in such a way that a user with an application program which is available on the mobile radio device and which is referred to as a download client is to be allowed to download any user data objects which are provided by one or more data provisioning components, particularly servers or, as the case may be, download servers of service providers or content providers in the data communications network. A possible embodiment of the service makes provision for a downloadable user data object to be provided with restrictions in relation to its usage by the user of the mobile radio device. This can be used, for example, to restrict the number of uses of the user data object or also the usage period. The practical implementation is effected by the description of the restrictions using a suitable language such as, for example, ODRL (Open Digital Rights Expression Language), whereby the download client or another special application, called a DRM agent, receives the rights description for management of the rights associated with a (digital) user data object (DRM: Digital Rights Management), evaluates it, stores it in a protected memory area that is not accessible to the user on the mobile radio device and, in response to a request by the user to use the object, grants or does not grant such rights in accordance with the rights description.
The user data object itself can be protected against unauthorized access either by being stored in encrypted form in a freely accessible memory area on the mobile radio device or by being managed by a special application, such as the DRM agent, which does not allow any unauthorized access to the object by the user.

According to a variant specified by the WAP Forum for the management of DRM-protected contents, a user data object provided by a data provisioning component is encrypted and finally packed for transport and storage onto a telecommunications device such as a mobile radio device in a so-called container file or a so-called container object (which, for example, has been assigned the data type or content type “Application/VND.OMA.DRM.Content”). Through the use of a service for reliable downloading of content by a data provisioning component (content download), the encrypted user data object is packed in the container object and transmitted to the telecommunications device using WAP protocols (such as, for example, the WSP: Wireless Session Protocol) or Internet protocols (such as, for example, the HTTP). A so-called rights object is transmitted to the telecommunications device separately from the encrypted user data object; for example, via a WAP push. The rights object contains a description of the rights granted to the user for using the encrypted user data objects, a reference to the container object which enables the rights object to be assigned to the corresponding container object, and a key by which the encrypted user data object can be decrypted so that it subsequently may be used. A special device or application, which may be the above-mentioned DRM agent, is necessary on the telecommunications device, such as the mobile radio device, in order to use the combination of the encrypted user data object packed in the container object and the rights object. After the transmission of the rights object to the telecommunications device, the rights object is transferred directly to the DRM agent which is responsible for the management and safekeeping of the secret; namely, the key for decrypting the encrypted user data object.
In practice, the DRM agent stores the rights object on the telecommunications device and protects it against unauthorized access by other applications or users. The first step when an encrypted user data object is to be used is that the DRM agent is activated.

The latter searches for a rights object that matches the container object in the memory area managed by it in the telecommunications device on the basis of the identification contained in the container object and also in the rights object, checks whether rights can be granted for the requested usage type (such as, for example, “playing back” music data or “displaying” image data, etc.) and decrypts the user data object using the key from the rights object if the rights can be granted. Pursuant to the above described method, wherein an encrypted user data object and a rights object separate therefrom can be used, the value of digital data is no longer represented by the encrypted user data object or the container object itself, but rather by the rights object and the key contained therein, without which, of course, the encrypted user data object cannot be used. Thus, in this case the encrypted user data objects can be stored in packed form in the container objects on the telecommunications device and be freely accessible. This also allows encrypted user data objects, packed in container objects, to be forwarded by a user to one or more other users, a process referred to as “superdistribution”.

In order to make the encrypted user data object contained in a forwarded container object usable, an individual user must download a suitable rights object from a rights provider that may be identical to the content provider providing a specific user data object.

The method just described, in which in order to make user data objects usable it is necessary firstly to download a container object containing an encrypted user data object, and secondly to download a rights object from an identical or from different data provisioning component(s), does, however, have the disadvantage that before downloading a rights object a user has no way to check whether the rights object offered, for example, by an arbitrary provider does in fact enable the use of the encrypted user data object which is already present, stored in the container object, on the user's own telecommunications device; i.e., whether the offered rights object includes, for example, the right key for decrypting the encrypted user data object contained in the container object. A further disadvantage is that a user without a purchased or downloaded rights object has no way whatsoever to check whether the encrypted user data object received by his or her telecommunications device or even the entire container object is undamaged.

Accordingly, the present invention seeks to provide a method by which a user is rendered capable of checking the integrity or, as the case may be, usability of an encrypted user data object stored on his or her telecommunications device.

SUMMARY OF THE INVENTION

With a method for handling and/or transmitting encrypted user data objects, wherein a data provisioning component provides user data objects, a user data object of such kind is first encrypted in order to protect it against an unauthorized access. Next, a checksum of the encrypted user data object (or of the entire container object) is determined. This can be calculated, for example, via a conventional hash algorithm. A container file or container object which has a content section and a description section is also generated. The encrypted user data object is provided in the content section of the container object, while the checksum just determined is provided in the description section. The container object thus contains two data areas which are accommodated independently of each other, yet are related in terms of their content (encrypted user data object associated with the checksum determined by such object) and, therefore, permit an integrity check in a comparison of this data. Finally, the generated container object is transmitted to a first telecommunications device of a first user.

It should be noted here that it is possible that the still unencrypted user data objects are provided by a first data provisioning component, while they are encrypted by a second data provisioning component connected to the first data provisioning component and are packed together with a checksum determined in this regard into a container object and finally offered to a user for downloading to his or her telecommunications device. In a case such as this, rather than referring to one or more individual data provisioning components it is also possible to speak of a data provisioning system which includes the individual data provisioning components for providing user data objects or, as the case may be, for encrypting, packing and providing user data objects. In addition to the possibility that a container object is transmitted directly by a data provisioning component or, as the case may be, a data provisioning system to a telecommunications device assigned to a user, it is also possible that the container object reaches the first user or the latter's telecommunications device via one or more second or further telecommunications devices of other users.

A container object generated, for example, according to the above method in a data provisioning component is advantageously analyzed after its reception by the first telecommunications device in such a way that the checksum provided in the container object is first extracted from the description section of the container object. Next, the checksum is determined a second time from the encrypted user data object provided in the content section of the container object. The checksum just determined a second time is then compared with the extracted checksum so that, in the event that the two checksums tally, it can be concluded that the encrypted user data object has been transmitted correctly or, as the case may be, that the user data object is undamaged. This type of analysis of a received container object can be performed by a special application of the (first) telecommunications device which is specially designed for managing usage rights for digital data or data objects; i.e., a so-called DRM agent (DRM: Digital Rights Management). Such a comparison of the extracted and newly determined checksums thus enables it to be confirmed whether, particularly, in the case of a superdistribution of container objects, an encrypted user data object has been incompletely transmitted or whether a user data object has been, for example, selectively tampered with.

It should be noted that it is possible that not just one encrypted user data object may be provided in a container object or, as the case may be, in its content section, but also a number thereof. Accordingly a checksum must be determined in each case for the number of encrypted user data objects, with the respective checksums having to be provided in the description section of the container object. In an integrity check, finally, the respective checksum of each encrypted user data object to be analyzed then may be determined and compared with the respective checksum provided in the description section. In this way it is possible to combine, for example, a number of related user data objects (linked, for example, on the basis of their related subject matter, such as images of the same object at different resolutions) in a single container object and transmit such container object.

In order to be able to use an encrypted user data object which is packed in a container object and has been provided or received on a telecommunications device, it is also necessary to provide a rights object which firstly has assignment information for assigning the rights object to an encrypted user data object or to a container object which contains the encrypted user data object. The rights object must also contain decryption information for decrypting the encrypted user data object in order to make the user data object usable for the user; i.e., to permit a music file to be played back, for example. The rights object can further include rights information for describing the usage rights of the encrypted user data objects. In this case, the usage rights can include, for example, how long the use of a user data object is permitted, how often such use is permitted or, such as in the case of a multimedia user data object, the use of which medium is permitted during such use (in the case of a video clip with musical accompaniment, for example, whether just the music may be listened to or whether the associated video clip also may be viewed). The rights object can be generated, for example, by a data provisioning component which also provides or generates the container object, but it also can be generated by a different data provisioning component which is, in turn, part of a higher-level data provisioning system, for example.

Since, as already mentioned, the value of an encrypted user data object depends on the assigned rights object which grants the user the usage rights for the user data object, a provider of rights objects (which also may be identical with the provider of user data objects) will charge a user for a rights object immediately after transmitting the rights object to the user or the latter's telecommunications device. As such, the user, who can choose from a number of rights objects, for example, therefore would have no way to check whether the chosen rights object matches the encrypted user data object stored on his or her telecommunications device before he or she downloads the rights object and has to pay for it. Thus, in order to enable a user to check, prior to the transmission or downloading of a specific rights object, whether the rights object actually permits the use of the encrypted user data object present in the container object on his or her telecommunications device (i.e., whether the specific rights object will contain the right key for decrypting the encrypted user data object) according to an advantageous embodiment a verification object or confirmation object assigned to the rights object is generated which has assignment information for assigning the rights object to an encrypted user data object and a checksum of the encrypted user data object. As such, a confirmation object is generated in the data provisioning system, particularly by the data provisioning component which also provides the rights object, which confirmation object does not enable a decryption of an encrypted user data object, but permits a compatibility check to determine whether a rights object assigned to the confirmation object matches or is compatible with a user data object that is present on the user's telecommunications device.

In this regard, according to a further advantageous embodiment of the present invention, a request is submitted on the part of the first telecommunications device to the data provisioning system of a content provider or a data provisioning component of such system to the effect that the confirmation object assigned to a specific rights object is transmitted to the first telecommunications device. The confirmation object is then transmitted by the data provisioning component or, as the case may be, the data provisioning system to the first telecommunications device, where finally the checksum is extracted from the confirmation object. A comparison now can be made between the checksum extracted from the confirmation object and the newly determined checksum or the checksum provided in the description information of the container object in order to be able to conclude, in the event that the checksums tally, that the rights object assigned to the confirmation object and the encrypted user data object transmitted in the container object to the first telecommunications device are compatible. As such, it is now possible, without having to transmit the actual rights object, to check via the confirmation object assigned to the rights object or via the checksum provided therein whether the rights object is compatible with the user data object provided from the telecommunications device. It is possible here that the integrity check on the encrypted user data object contained in the container object can be performed before the request for the confirmation object, during the request or after the request for the confirmation object. However, the integrity check is advantageously performed after reception of a container object and prior to a request for a confirmation object or rights object in order not to have to make the request for confirmation or rights objects unnecessarily in the event of a defective or erroneous encrypted user data object or container object.

If the check on the confirmation object with regard to the encrypted user data object present in the container object is completed with a positive result, the first telecommunications device can send the positive check result in the form of a status report to the data provisioning component providing the confirmation object or, as the case may be, the rights object assigned thereto. The data provisioning component can thereupon independently transmit the associated rights object to the first telecommunications device. It also is, however, possible that the first telecommunications device does not immediately send off a status report concerning the successful check on the confirmation object, but sends a request message at a later, self-determined time to the data provisioning component providing the rights object assigned to the confirmation object so that finally said data provisioning component transmits the rights object to the first telecommunications device. It is, however, also possible that the first telecommunications device directly requests a specific rights object from a data provisioning component providing such rights object via a request message provided for the purpose, only after an integrity check on a received container object.

According to a further embodiment, in a method for handling or, as the case may be, making usable encrypted user data objects, an encrypted user data object is provided in a first telecommunications device; for example, in that it has been transmitted by a data provisioning component or a further telecommunications device and has possibly been checked for integrity according to an above method. The telecommunications device then requests description information relating to the content of the encrypted user data object from a data provisioning component. The requested description information is then transmitted to the first telecommunications device by the data provisioning component. A check is now made in the telecommunications device to verify whether the content with attributes specified in the description information can be used by the first telecommunications device. If the check on the attributes specified in the description information is successful, a confirmation object is requested from the data provisioning component, which confirmation object is assigned to a rights object (RO) assigned to the encrypted user data object in order to check the compatibility of the rights object and the encrypted user data object. Through the request for the description information it is now possible that the telecommunications device first checks whether the stored user data object is usable at all (if, for example, the telecommunications device has no means of outputting audio or music, a user data object having a music content would not be usable on the telecommunications device).

Advantageously, the rights object is transmitted by the data provisioning component to the first telecommunications device upon successful checking of the compatibility of the rights object and the encrypted user data object.

The encrypted user data object can be provided in a content section of a container object. The container object also may have a description section in which a checksum of the encrypted user data object is provided. Moreover, the address of the data provisioning component for requesting the description information and/or the confirmation object also may be provided in the description section of the container object.

Advantageously, the confirmation object has a checksum of the encrypted user data object, whereby the check on the compatibility of the rights object and the encrypted user data object is performed according to the following steps. The checksum is extracted from the confirmation object. Next, the checksum extracted from the confirmation object is compared with the checksum provided in the description section of the container object in order to be able to conclude, in the event that the two checksums tally, that the rights object assigned to the confirmation object and the encrypted user data object provided in the container object on the first telecommunications device are compatible.
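The two device-side checks described above (the integrity check on a received container object, including the case of several encrypted objects per container, and the compatibility check against a confirmation object) can be sketched as follows. This is an added example, not part of the patent text; SHA-256, the class and function names and the `cid:` identifiers are assumptions, and the ciphertexts are constructed sample bytes.

```python
import hashlib
import hmac
from dataclasses import dataclass


def checksum(data: bytes) -> str:
    """Checksum of an encrypted object. SHA-256 is an assumption; the text
    only says "a conventional hash algorithm"."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class Container:
    """Container object (DCF): description section plus content section."""
    description: dict  # content_id -> checksum of the encrypted object
    content: dict      # content_id -> encrypted user data object (bytes)


@dataclass
class Confirmation:
    """Confirmation object (DCFV): assignment information plus checksum.
    It carries no key, so it cannot be used to decrypt anything."""
    content_id: str
    checksum: str


def build_container(encrypted_objects: dict) -> Container:
    """Provider side: the checksum is taken over the ciphertext, so a device
    can verify it without holding a rights object."""
    desc = {cid: checksum(blob) for cid, blob in encrypted_objects.items()}
    return Container(description=desc, content=dict(encrypted_objects))


def verify_integrity(container: Container) -> dict:
    """Device side: recompute each checksum and compare it with the value
    extracted from the description section. Returns content_id -> bool."""
    result = {}
    for cid, blob in container.content.items():
        expected = container.description.get(cid, "")
        result[cid] = hmac.compare_digest(checksum(blob), expected)
    # A checksum listed without matching content also means a damaged container.
    for cid in container.description:
        result.setdefault(cid, False)
    return result


def check_before_purchase(container: Container, conf: Confirmation) -> str:
    """Device side: decide whether to request the rights object."""
    if conf.content_id not in container.description:
        return "incompatible"          # confirmation refers to other content
    if not verify_integrity(container)[conf.content_id]:
        return "damaged"               # do not bother the rights provider
    stored = container.description[conf.content_id]
    if not hmac.compare_digest(stored, conf.checksum):
        return "incompatible"          # rights object would not fit this object
    return "request_rights_object"


# Constructed sample data: opaque bytes standing in for ciphertext.
PROVIDER_OBJECTS = {
    "cid:image-lowres": bytes(range(64)),
    "cid:image-hires": bytes(range(256)) * 4,
}


def run_scenarios() -> dict:
    hires = "cid:image-hires"
    conf = Confirmation(hires, checksum(PROVIDER_OBJECTS[hires]))

    clean = build_container(PROVIDER_OBJECTS)

    # Incomplete transmission during forwarding between devices.
    truncated = build_container(PROVIDER_OBJECTS)
    truncated.content[hires] = truncated.content[hires][:-10]

    # Content replaced and the description checksum rewritten to match it.
    rewritten = build_container(PROVIDER_OBJECTS)
    rewritten.content[hires] = b"\x00" * 1024
    rewritten.description[hires] = checksum(b"\x00" * 1024)

    return {
        "clean": check_before_purchase(clean, conf),
        "truncated": check_before_purchase(truncated, conf),
        "rewritten_self_check": verify_integrity(rewritten)[hires],
        "rewritten": check_before_purchase(rewritten, conf),
        "unknown_id": check_before_purchase(clean, Confirmation("cid:other", "")),
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The `rewritten` scenario shows the limit of an unkeyed checksum stored next to the content: a container whose content and description checksum were changed together passes its own integrity check, and only the comparison with the checksum in the provider's confirmation object flags it.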

As mentioned already, it is possible that, in the event of a successful compatibility check of the confirmation object assigned to the rights object and the encrypted user data object transmitted in the container object on the first telecommunications device, a first confirmation message can be transmitted from the first telecommunications device to the data provisioning component providing the rights or confirmation object. It is furthermore possible that, providing no check of the rights object is performed using a confirmation object, a second confirmation message is sent by the first telecommunications device to the data provisioning component when the first telecommunications device has received the rights object from the data provisioning component. According to a further advantageous embodiment, the user of the first telecommunications device is then charged on the basis of the reception of the first and/or second confirmation message from the data provisioning component for the transmitted rights object or, as the case may be, the user is sent charging information so that he or she can pay for the received rights object.

According to a further advantageous embodiment, the first and/or the further telecommunications devices and the data provisioning system including the data provisioning components provided therein (for container objects, confirmation objects or rights objects) are part of a telecommunications network. It is possible in this case that the first and the further telecommunications devices are in each case part of a telecommunications network, whereby the individual telecommunications devices do not have to be part of the same telecommunications network. Accordingly, a data provisioning component of the data provisioning system, which component is particularly embodied as a data server of a service provider or content provider, can be provided in a telecommunications network which is connected to the telecommunications network or networks which are assigned to the first and the further telecommunications devices.

In order to be able to use the method for transmitting user data objects as flexibly as possible, the first and/or the further telecommunications devices may be embodied as a mobile telecommunications device and, at the same time, include a radio module or mobile radio module. In this case, the telecommunications device can be embodied, for example, as a mobile phone, a cordless telephone, a smartphone (combination of a small portable computer and a mobile phone), a PDA (PDA: Personal Digital Assistant) or an organizer. Furthermore the telecommunications devices also may include other devices that are accessible in a mobile manner, such as a personal computer (PC) or a laptop which can be accessed via a mobile radio network by a connected mobile radio device (mobile phone). The mobile radio device then may be connected to the personal computer or laptop, for example, via a cable or contact said devices wirelessly via an infrared interface or a local Bluetooth network. In this case the first and/or also the further telecommunications devices including the telecommunications network assigned to these can operate in the embodiment of a mobile radio network conforming to the GSM (Global System for Mobile Communication) standard or the UMTS (Universal Mobile Telecommunications System) standard. Such mobile radio networks or telecommunications devices conforming to the GSM or UMTS standard can represent a platform for WAP protocols or the WAP protocol stack (WAP: Wireless Application Protocol) via which data (messages and/or user data objects) can be transmitted in the respective mobile radio network. In the case of the use of the WAP protocol stack it is possible, through the use of a WAP gateway as the interface between a mobile radio network and another network, such as a network based on an Internet protocol, to establish a connection to such network.
In this way, it is possible that the data provisioning component is situated in a network based on an Internet protocol, such as the Internet, whereby the data (messages, user data objects) can be transmitted via a WAP gateway and finally via an air interface of a mobile radio network between the base station(s) of the mobile radio network and to the respective telecommunications devices.

According to an advantageous embodiment, the user data objects can be data in the form of text data, image data or, as the case may be, video data, audio data, executable programs or software components or a combination of these data types; i.e., multimedia data or content.

Additional features and advantages of the present invention are described in, and will be apparent from, the following Detailed Description of the Invention and the figures.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 is a block diagram showing the components involved in a method for downloading user data objects including the data flow between the components.

FIG. 2 is a block diagram showing the components involved in a method for downloading or transmitting rights objects including the data flow between the components.

FIG. 3 shows a schematic representation of a container object according to an embodiment of the present invention.

FIG. 4 shows a schematic representation of a rights object according to an embodiment of the present invention.

FIG. 5 shows a schematic representation of a confirmation object assigned to the rights object according to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

A method proposed by the WAP Forum or its successor organization OMA (OMA: Open Mobile Alliance) for downloading or transmitting any data objects to telecommunications devices such as mobile radio devices or mobile phones and for managing the rights for the digital user data objects essentially consists of two sections; namely, the actual downloading or transmission of the user data objects (“content download”) and the management of the digital rights (“Digital Rights Management”).

As can be seen in FIG. 1, a telecommunications arrangement for performing a method for downloading or transmitting user data objects includes a data provisioning component for providing user data objects and a first telecommunications device A. In the example, the telecommunications device is embodied as a mobile phone which can operate in accordance with the GSM or UMTS standard. It is further assumed that the mobile phone A is part of a mobile radio network. The mobile phone A is able to use WAP protocols (e.g., Wireless Session Protocol: WSP, etc.) or the WAP protocol stack in order to transmit data over an air interface to a corresponding stationary transmit/receive arrangement of the mobile radio network assigned to the mobile phone A. The data provisioning component D can be provided in the mobile radio network assigned to the mobile phone A or can be provided, for example, in the Internet, which is connected to the mobile radio network of the mobile phone A via corresponding WAP gateways. Although it is possible that a user data object can be transmitted from the data provisioning component D to the mobile phone A not only directly, but also via further data provisioning components which together form a data provisioning system, or even can be transmitted via further mobile phones, the direct transmission of user data objects from the data provisioning component D to the mobile phone A shall be explained in the following description for the sake of simplicity.

As can be seen in the components identified in FIG. 1, two logical units are required for a method for transmitting or downloading user data objects; namely, firstly a so-called “download server” and secondly a so-called “download client”:

1.) The download server HS, which is implemented, in particular, via a software application or a software program on a data provisioning component such as a data server, is responsible on the one hand for providing the download clients on a telecommunications device or a mobile phone firstly with description information relating to a specific object managed by the download server. Description information of this kind is also referred to as meta data or as an object description. Based on a request by a user of a download client on the user's telecommunications device, the download server delivers a desired user data object to the client. In the process the download server can take into account previously optionally transmitted attributes of the download client or the telecommunications device on which the client is executed or a device connected to the telecommunications device by selecting a user data object matched to the attributes or generating such an object specifically for the download client which is serving as the current recipient.

2.) The download client HK represents, in particular, a software application on a telecommunications device such as the mobile phone A or an application on a data management device connected to the telecommunications device such as, for example, a portable computer or a PDA. The download client first negotiates the delivery of a desired user data object with the download server, receives such object and confirms its error-free reception to the download server and possibly also the usability of the received content on the telecommunications device or the mobile phone A, as used in the example.

The process for downloading or transmitting user data objects from the download server to the download client, as will be explained further below in relation to FIG. 1, is designed so as to fulfill the following requirements.

Before a user downloads a user data object from a data provisioning component he or she must, as already mentioned, first be informed about the attributes of the user data object (for example, through an object description or description information). Corresponding information can include such things as: the name of the user data object, the data volume for the transmission of the user data object (e.g., in bytes), a verbal description of the user data object, and any further attributes of the user data object to be downloaded.

The user must be able to issue his or her explicit approval (acceptance of the offer by the data provisioning component) for the delivery and possible charging of the user data object.

Reference is made once again to FIG. 1, in which the process of downloading a user data object is presented in detail, whereby the message flow and action sequence in time is identified by the numbers on the arrows in FIG. 1.

1.) The download client HK on the mobile phone A requests description information BI1 from the download server of the data provisioning component D, which contains the object description or meta data relating to a specific user data object.

2.) The description information BI1 is transmitted to the download client HK by the download server HS. Based on the received description information the usability of the described user data object on the mobile phone A of the user can be checked and the approval of the user obtained for downloading the user data object (not shown explicitly here).

3.) The download client HK requests the user data object NDO from the download server HS.

4.) The download server HS sends the chosen user data object to the download client HK.

5.) The download client HK, for its part, sends a status report SR back to the download server HS.

According to an embodiment already described in the introduction for preventing an unauthorized access to a user data object or an unauthorized use of a downloaded data object, a user data object is encrypted by a data provisioning component of a data provisioning system and provided together with a checksum of the user data object in a container object or a container file. Container objects of this kind then may be transmitted according to the same method as already shown, for example, for unencrypted user data objects in FIG. 1.

Starting from a case of this kind, in which an encrypted user data object provided in a container is present on a user's telecommunications device, it is now necessary for the user of the telecommunications device to obtain the rights to use the transmitted container object. According to the embodiment described in the following, such rights can be transmitted by the data provisioning component to the user's telecommunications device via a rights object. Such a rights object, which also will be explained later in relation to FIG. 4, includes, for example, a description of the rights which are granted to the user in order to use the encrypted user data object provided in the container object, a reference to the container object which enables an assignment of the rights object to the corresponding container object, and a key with which the encrypted user data object can be decrypted so that it subsequently can be used. As will be explained further in relation to FIG. 2, it is necessary, in order to use the combination of the encrypted user data object, a container object and a rights object, for a special device or software application to be provided on the user's telecommunications device, which device or software application is referred to as a so-called DRM (Digital Rights Management) agent. The DRM agent receives the rights object which has been transmitted by a data provisioning component to the telecommunications device and is responsible for the management of the rights object or, as the case may be, for the safekeeping of its secret, i.e., the key for decrypting the encrypted user data object in the container object. In practice, the DRM agent must store the rights object on the telecommunications device and protect it against unauthorized access by other devices or applications. In a method to be explained below in FIG. 2, according to an embodiment of the present invention in which rights or rights objects are transmitted to a telecommunications device of a user irrespective of user data objects (packed in container objects and encrypted), the following criteria are to be taken into account:

A check of the integrity or, as the case may be, freedom from damage of a container object or the encrypted user data object contained in such container object shall be possible even if the container object has been transmitted to the telecommunications device of a user by “superdistribution” and potentially comes from an unreliable source. For this purpose, according to a preferred embodiment of the present invention, a checksum of the encrypted user data object is inserted as an additional information element into a description section of the container object by a data provisioning component (see also FIG. 3). In this case, the checksum also can be calculated by a hash function or a hash algorithm. Here, from a data object of arbitrary size, a hash function can calculate a character string of fixed length (e.g., 128 or 160 bits) with the following attributes. The character string is unique to the data object (“digital fingerprint”). Even changing a single bit of the data object results in a totally different hash value. The original data object cannot be reconstructed from the hash value. It is practically impossible to find two data objects that produce the same hash value. Alternatively, the checksum or the hash value also may be calculated over the entire container object. The above-mentioned DRM agent for managing rights of a user data object on a user's telecommunications device can thus check the integrity or freedom from damage of the encrypted user data object only on the basis of the container object by using the defined and generally known algorithm for calculating the checksum or the hash value to calculate precisely this checksum/hash value for the encrypted user data object or the entire container object and comparing it with that in the container object.

The user shall be able to request new rights or rights objects for an encrypted user data object, packed in a container object, provided on his or her telecommunications device. For this purpose, a resource (“rights issuer”) can be specified in the container object or, more precisely, in its description section (cf. FIG. 3), from which the DRM agent starts to download a rights object, corresponding to the downloading of user data objects shown in FIG. 1. This enables rights or rights objects to be downloaded to the telecommunications device with the reliability corresponding to the “normal” download process for user data objects. To put it more precisely, there can be provided in the description section of the container object a URL (URL: Uniform Resource Locator) which specifies, for example, an “address” of a specific data provisioning component which may be identical to the data provisioning component for user data objects. As a result of the invocation of the specified URL by one of the applications, download client or DRM agent, a user can be provided (via a menu structure, for example) with an offer of one or more different rights, whereby the user can have delivered to him or her via a download process or can purchase a specific right or specific rights in the form of rights objects. The user is thus offered a familiar interface and manner of operation such as he or she already knows from the downloading of user data objects to his or her telecommunications device, which increases the confidence in the service.

In order to guarantee that a specific selected rights object (which is located on a data provisioning component) matches a container object residing on the telecommunications device of a user or the encrypted user data object packed therein, and in order therefore to prevent an incorrect rights object, for which he or she must still pay, being transmitted to a user of a telecommunications device, a confirmation object (“verifier object”) assigned to the rights object is to be transmitted first to the telecommunications device of the user instead of the rights object. This confirmation object contains the checksum or hash value of the encrypted object, packed in a container object, that is already present on the telecommunications device of the user or the checksum (the hash value) of the container object. The confirmation object further may contain an identification designation for the container object to be checked so that the DRM agent responsible for rights management is able to check that the right container object is stored on the telecommunications device of the user. As such, a new object type, namely that of the confirmation object, is defined, by which DRM-relevant data can be transmitted from the download server of a data provisioning component to the DRM agent of a telecommunications device without the need to transmit the actual rights object itself. In this way, a separation of DRM-relevant data and content-related data and an implementation of an essentially identical execution of the download process for additional rights or rights objects are created with an additional guarantee of the relatedness of the encrypted user data object already present on the telecommunications device of a user and the rights object to be downloaded.

According to a possible embodiment of the explained variant, already prior to or during the request for new rights or rights objects the DRM agent checks the checksum or hash value relating to the container object or encrypted user data object packed therein for correctness and/or integrity. This reduces the overhead for checking the checksum or hash value following reception of the confirmation object to a comparison between the just checked or, as the case may be, newly determined checksum (or hash value) and the checksum (or hash value) provided in the confirmation object. In this way, the time period for sending a status report to the download server on completion of the comparison or the time for requesting the actual rights object then may be reduced.

If the check of the checksum (or hash value) transmitted by the confirmation object is negative, that is, if the checksum provided in the confirmation object does not tally with the checksum, newly determined by the DRM agent, of the encrypted user data object or the entire container object, the process of downloading the actual rights object can be interrupted. As a result, the user of the telecommunications device who wanted to download a rights object is protected from downloading a rights object that he or she cannot use, and so is protected from having to pay for such unusable rights object.

A process flow scheme for illustrating the method for transmitting or downloading rights or a rights object will now be described with reference to FIG. 2, whereby the data flow in time and method sequence are identified by the numbers 1 to 9 on the arrows in FIG. 2. In this case it is assumed that there is already provided on the telecommunications device of a user to which a rights object is to be transmitted an encrypted user data object, packed in a container object, in a memory area of the telecommunications device, which user data object comes, for example, from a data provisioning component pursuant to a method, illustrated in FIG. 1, for downloading user data objects or has been transferred by another telecommunications device. It is further assumed in FIG. 2 that the download server HS according to FIG. 1 is an application on a data provisioning component D of a data provisioning system, while the download client HK and the DRM agent DRMA are applications or software applications on a user's telecommunications device or, as the case may be, mobile phone A to which a specific rights object is to be transmitted.

1.) A resource of the rights provider (data provisioning component D) is requested or invoked by the DRM agent DRMA using the corresponding URL which is specified in the description section of the corresponding container object on the mobile phone A of the user in order to download or transmit a rights object RO. This causes a new download process to start. The purpose of the request is to receive description information which is transmitted to the mobile phone A and evaluated there accordingly by the download client HK and responded to. Alternatively, a browsing session also may take place between the calling of the resource by the DRM agent and the transmission of the description information BI1; i.e., the immediate response to the initial request or inquiry in the agent DRMA includes, not description information, but one or more web pages which describe, for example, an offer for downloading new rights and contain a reference for downloading the description information. However, at the end of the browsing session, following selection of a specific rights object, description information is again requested by the mobile phone A or the DRM agent.

2.) The description information BI1 is transmitted to the mobile phone A and passed according to its type to the download client HK. In this case, the transmission of the description information from the data provisioning component D to the mobile phone A can take the form, for example, of a message in the Short Message Service (SMS), a message in the Multimedia Message Service (MMS), an e-mail or an instant message, etc.

3.) The download client HK presents the information for the user, for example, on a display of the mobile phone A and checks whether the content type or types listed in the description information BI1 can be used by the mobile phone A. As such, a check is made to determine whether the mobile phone A is able to display or play back certain content, such as image data at a particular resolution or color, or also music data. If this is the case, and the user gives his or her approval, the download client HK requests the transmission of the confirmation object DCFV, to which in this example the request for the actual rights object RO is logically linked.

4.) As a response to the request, the download server transmits the confirmation object DCFV to the download client HK.

5.) The download client HK recognizes the type of the confirmation object DCFV, has stored an assignment to the DRM agent DRMA for such object or file type and passes the confirmation object to the DRM agent for checking.

6.) The DRM agent checks whether the checksum (or hash value) contained in the confirmation object DCFV tallies with the checksum (or hash value) of the container object DCF already stored on the mobile phone A. For this purpose, the confirmation object DCFV also contains the identification designation of the container object DCF. The DRM agent DRMA has stored information associated with this identification designation indicating where in the memory of the mobile phone A the corresponding container object is stored, which value the checksum (or hash value) of the container object or the encrypted user data object packed therein has, and whether the check or comparison of the checksum (or hash value) has been completed successfully.

7.) If the matching container object has been found in step 6.) and the checksum (or hash value) has been checked successfully, that is, if the checksum contained in the confirmation object tallies with the checksum of the container object stored on the mobile phone A or the encrypted user data object contained therein, the DRM agent DRMA issues a positive message to the download client HK.

8.) The download client HK sends a status report to the download server HS in which the result obtained in step 7.) is passed on.

9.) Upon receiving a positive status report the download server transmits the requested rights with the actual rights object RO in, for example, a “push” mode (e.g., via a WAP push) to the mobile phone A. It is entirely possible that a transmission of this kind also may be performed via a message in the MMS or as an e-mail. The DRM agent DRMA now receives the rights object RO and stores it in a special memory area which is protected against unauthorized access. Using the key contained in the rights object RO, the DRM agent DRMA can decrypt the encrypted user data object contained in the container object DCF and finally make it usable for use by the user of the mobile phone. For example, image data contained in the user data object can be displayed on a display device of the mobile phone, music data can be audibly played back or multimedia data such as video clips may be displayed and played back, etc.

Following the above explanation of a general example for transmitting or downloading rights or rights objects from a data provisioning component to a telecommunications device such as a videophone, a more concrete example now will be explained.

Let it be assumed as the starting situation that on the mobile phone (A) there is stored a container object which has reached the mobile phone (A) via superdistribution (i.e. a transmission from a further mobile phone). For example, the container object DCF was transferred to the mobile phone (A) as part of a multimedia message in the Multimedia Messaging Service (MMS) or simply via an infrared interface (IrDA). It is then stored in a memory area provided for data objects or in a file system of the mobile phone (A) and can be identified there as a container object by a special file extension. If the user of the mobile phone (A) activates the container object (for example, by selecting it in a file management application such as an Explorer), the DRM agent is started automatically in order to search for a matching rights object for the selected container object. It is assumed that no rights object has yet been transferred to the mobile phone (A) for the container object, with the result that the DRM agent (DRMA) is not successful in its search for a suitable rights object and proposes to the user to obtain rights or a rights object off the Internet from the associated rights provider and download it to the mobile phone (A). For this purpose, a description section in the container object contains an Internet address or URL of the rights provider. Also stored in the description section of the container object (see also FIG. 3) in addition to the URL of the rights provider is the checksum (or hash value) of the encrypted user data object packed in the container object, by which the integrity or freedom from damage of the container object and, hence, of the packed, encrypted user data object can be checked. If the user selects the URL for downloading new rights for the encrypted user data object, on the one hand the referenced URL is selected and on the other the checksum (or hash value) for the encrypted user data object packed in the container object is determined by the DRM agent in order to verify its integrity. The result of this integrity check is stored by the DRM agent, as is also the identification designation for the container object and its position in the file system on the mobile phone (A).

The invocation of the resource (data provisioning component of a rights provider) at the address specified in the description section of the container object (“rights issuer URL”) has a result that depends on the embodiment by the rights provider. Either a web page is returned (e.g., in the HTML (Hypertext Markup Language) format or in another, such as an XML-based, format), a browser application is started on the mobile phone A and a browsing session follows in which the user of the mobile phone (A) is offered an address for starting the download process for new rights. As an alternative to the return of a web page and a following browsing session, the download process can be started directly by retrieval of description information for a specific container object or the user data object contained therein.

The encrypted user data object matching the requested rights can be described in the description information processed by the download client (HK) of the mobile phone (A) just as accurately as if the encrypted user data object itself were to be downloaded. Thus, when downloading new rights, the user of the mobile phone (A) receives the same information as when downloading the encrypted user data object and thus has the same basis on which to make a decision whether to make use of the proposed service rights or not. In contrast to the download process for the encrypted user data object and the associated rights object, however, the type of a confirmation object assigned to the rights object is specified in the description information as content type for the download process. In this way, the download client as well as the user are informed that only the rights object or a confirmation object assigned thereto will be transmitted. The corresponding encrypted user data object therefore already must be stored on the mobile phone (A). In addition, the download client can check on the basis of the other specifications in the description information that relate to the encrypted user data object whether the described encrypted user data object or its content also may be used on the mobile phone (A), i.e., whether attributes such as size, type and further attributes of the unencrypted user data object “match” the device features of the mobile phone (A).

If all the above-mentioned criteria are met and the user decides to download new rights, the download client continues the download process by requesting the confirmation object assigned to the rights object from the download server (HS). The download server responds and sends the confirmation object to the download client, which recognizes the object type of the confirmation object and immediately passes on the confirmation object to the DRM agent. The DRM agent receives the confirmation object, interprets the identification designation for the relevant container object contained therein in order to determine which container object needs to be checked and compares the checksum (or hash value) received in the confirmation object with the corresponding value contained in the description section of the container object or with the previously determined value of the encrypted user data object in the container object. If the checksums (or hash values) tally, it is confirmed that the encrypted user data object in the container object will be usable with the previously selected rights object. The DRM agent then signals a positive check of the confirmation object to the download client. The download client thereupon sends the download server a status report in which the corresponding status value or status report causes the download server to send the previously selected rights object, such as via a WAP push, to the mobile phone (A) and possibly to charge the user for the associated service; i.e., the use of the user data object in the container object. This can be accomplished by the sending, by the download server, of an instruction to a billing system of the mobile radio network in which the mobile phone (A) resides to charge the user of the mobile phone (A) for the downloaded rights or rights object; for example, using the traditional telecommunications call billing system.

Following the arrival of the rights objects on the mobile phone (A), a rights object is passed on, in turn, according to its object type immediately to the DRM agent and managed by the latter. The object can be located and opened in the memory of the mobile phone (A) via a management data record or an identification designation of the container object. Next, the key contained in the new rights object is used for decrypting the encrypted user data object in the container object and the user data object then can be used.

Reference now will be made to FIG. 3, which shows a container object DCF which can be used, for example, in a method illustrated in FIG. 2. The container object DCF includes a content section IA, in which an encrypted user data object vNDO is stored, and a description section BA, in which there are provided an identification designation “Content ID” for the container object DCF, a rights provider URL, which can be used for requesting new rights, and a checksum (or hash value) via which the integrity or freedom from damage of the encrypted user data object or the entire container object can be checked.

Reference now will be made to FIG. 4, which shows a rights object RO which can be used, for example, in the method illustrated in FIG. 2. In a general description section ABA, the rights object RO contains, in addition to other possible identifiers or elements, an identification designation “Content ID”, which serves to identify the associated container object DCF. The rights object RO also contains a rights description section RBA, which contains a key for decrypting the encrypted user data object vNDO contained in the container object DCF and also a description of the rights for usage of the encrypted user data object vNDO. The description of the rights includes, as already mentioned above, the definition of the rights which the user receives by way of the transferred rights object in order to use the encrypted user data object, specifying, for example, that the user may only listen to music data even if image or video information is also contained in the encrypted user data object. However, the user also can receive the rights for full use of the encrypted user data object, etc.

Reference now will be made to FIG. 5, which shows a confirmation object DCFV assigned to the rights object RO depicted in FIG. 4. Important elements of the confirmation object DCFV are firstly the identification designation “Content ID” for referencing the associated container object DCF, as has been explained, for example, in relation to FIG. 2, and secondly the checksum (or hash value) which has to be compared with the corresponding value of the container object DCF in order to guarantee correct assignment of a rights object RO that is to be newly downloaded and a container object DCF already present on a telecommunications device of a user.
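The DRM agent's checks from steps 5.) to 9.) of FIG. 2, using the objects of FIGS. 3 to 5, as an added example that is not part of the patent text. SHA-256 as the hash function, all class, field and function names, the Content ID values, the URL and the byte strings standing in for the encrypted user data object are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, replace
from enum import Enum


def checksum(data: bytes) -> str:
    """Checksum of the encrypted user data object (assumption: SHA-256)."""
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class ContainerObject:
    """DCF of FIG. 3: description section BA plus content section IA."""
    content_id: str
    rights_issuer_url: str
    checksum: str             # value placed in BA by the data provisioning component
    encrypted_content: bytes  # vNDO, treated as opaque ciphertext here


@dataclass(frozen=True)
class ConfirmationObject:
    """DCFV of FIG. 5: sent by the download server ahead of the rights object."""
    content_id: str
    checksum: str


class Status(Enum):
    OK = "ok"
    UNKNOWN_CONTENT_ID = "unknown-content-id"
    CONTAINER_DAMAGED = "container-damaged"
    CHECKSUM_MISMATCH = "checksum-mismatch"


class DrmAgent:
    """Keeps, per Content ID, the container, its re-determined checksum and
    the stored result of the container's own integrity check (step 6)."""

    def __init__(self):
        self._records = {}

    def register(self, dcf: ContainerObject) -> bool:
        # Re-determine the checksum over the content section and compare it
        # with the value carried in the description section.
        recomputed = checksum(dcf.encrypted_content)
        intact = recomputed == dcf.checksum
        self._records[dcf.content_id] = (dcf, recomputed, intact)
        return intact

    def verify_confirmation(self, dcfv: ConfirmationObject) -> Status:
        record = self._records.get(dcfv.content_id)
        if record is None:
            return Status.UNKNOWN_CONTENT_ID
        _, recomputed, intact = record
        if not intact:
            return Status.CONTAINER_DAMAGED
        # Compare against the re-determined value, not the stored field.
        if recomputed != dcfv.checksum:
            return Status.CHECKSUM_MISMATCH
        return Status.OK


def release_rights_object(status: Status, rights_object: dict):
    """Download server side of steps 8 and 9: send RO only on a positive report."""
    return rights_object if status is Status.OK else None


def build_container(content_id: str, encrypted_content: bytes) -> ContainerObject:
    url = "https://rights.example.invalid/ro"  # constructed placeholder URL
    return ContainerObject(content_id, url, checksum(encrypted_content), encrypted_content)


def run_cases() -> dict:
    original = bytes(range(64)) * 4  # constructed stand-in for vNDO
    dcf = build_container("cid:sample-0001", original)
    dcfv = ConfirmationObject(dcf.content_id, dcf.checksum)  # server's reference value
    results = {}

    agent = DrmAgent()
    agent.register(dcf)
    results["intact"] = agent.verify_confirmation(dcfv)

    # One bit changed in transit, description section untouched.
    flipped = bytes([original[0] ^ 1]) + original[1:]
    agent = DrmAgent()
    agent.register(replace(dcf, encrypted_content=flipped))
    results["damaged"] = agent.verify_confirmation(dcfv)

    # Different content under the same Content ID with a matching checksum
    # field: the container's own check passes, the confirmation check fails.
    other = build_container(dcf.content_id, b"different encrypted object" * 8)
    agent = DrmAgent()
    self_check = agent.register(other)
    results["other_content"] = (self_check, agent.verify_confirmation(dcfv))

    agent = DrmAgent()
    agent.register(dcf)
    stray = ConfirmationObject("cid:sample-9999", dcf.checksum)
    results["unknown_id"] = agent.verify_confirmation(stray)
    return results


if __name__ == "__main__":
    for name, outcome in run_cases().items():
        print(name, outcome)
```

The `other_content` case shows what the comparison with the confirmation object adds: the checksum inside a container only shows that the container is self-consistent, while the value from the data provisioning component shows that it is the object the rights object was generated for.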

It should be noted, in conclusion, that in the illustrated embodiments of a method for downloading rights objects it has always been assumed that, while a container object with an encrypted user data object contained therein is already stored on the telecommunications device, there is not yet an associated rights object present to enable the encrypted user data object to be used. It also is possible, however, that in addition to the container object with the encrypted user data object contained therein, a first rights object is already stored on the telecommunications device of the user, which first rights object thus enables the use of the encrypted user data object based on the rights described therein. However, if these rights of the first rights object permit a partial use of the encrypted user data object, then it is also possible that the user of the telecommunications device would like to download or transmit a second rights object to his or her telecommunications device which allows more extensive or full use of the encrypted user data object. In such a case, the user can request the second rights object, as described, for example, in general terms in relation to FIG. 2, and after checking by a confirmation object assigned to the second rights object, download the second rights object to his or her telecommunications device in order to enable more extensive use of the encrypted user data object on his or her telecommunications device (“rights refresh”).

Although the present invention has been described with reference to specific embodiments, those of skill in the art will recognize that changes may be made thereto without departing from the spirit and scope of the present invention as set forth in the hereafter appended claims.

1-24. (canceled)
 25. A method for handling encrypted user data objects,the method comprising: generating a rights object for an encrypted userdata object by a data provisioning component, the rights object havingassignment information for assigning the rights object to a containerobject having an encrypted user data object, decryption information fordecrypting the encrypted user data object, and rights information fordescribing usage rights of the encrypted user data object; generating aconfirmation object assigned to the rights object by the dataprovisioning component, the confirmation object having assignmentinformation for assigning the rights object to an encrypted user dataobject and a checksum of the encrypted user data object; transmitting acontainer object to a first telecommunications device, the containerobject having a content section in which an encrypted user data objectis provided, and a description section in which a determined checksum ofthe encrypted user data object is provided; extracting the checksum fromthe description section of the container object; re-determining thechecksum of the encrypted user data object provided in the contentsection of the container object; comparing the extracted checksum withthe re-determined checksum so that, should the two checksums tally, anerror-free transmission of the encrypted user data object may beconcluded; requesting, via the first telecommunications device, theconfirmation object assigned to the rights object to be transmitted tothe first telecommunications device; transmitting the confirmationobject from the data provisioning component to the firsttelecommunications device; extracting the checksum from the confirmationobject; and comparing the checksum extracted from the confirmationobject with the re-determined checksum so that, should the two checksumstally, compatability of the rights object assigned to the confirmationobject and the encrypted user data object transmitted to the firsttelecommunications device in the 
container object may be concluded. 26.A method for handling encrypted user data objects as claimed in claim25, wherein the data provisioning component provides user data objectswhich are processed, the processing comprising: encrypting a user dataobject provided on the data provisioning component; determining achecksum of the encrypted user data object; generating a containerobject having a content section in which the encrypted user data objectis provided, and a description section in which the determined checksumof the encrypted user data object is provided; and transmitting thecontainer object from the data provisioning component to the firsttelecommunications device.
 27. A method for handling encrypted user dataobjects as claimed in claim 25, wherein the container object istransmitted to the first telecommunications device by the dataprovisioning component via at least one further data provisioningcomponent or at least one further telecommunications device.
 28. Amethod for handling encrypted user data objects as claimed in claim 25,further comprising submitting a request, via the firsttelecommunications device, to transmit the rights object generated bythe data provisioning component to the first telecommunications device.29. A method for handling encrypted user data objects as claimed inclaim 25, wherein the rights object is transmitted by the dataprovisioning component to the first telecommunications device ifcompatability has been established based on an agreement of thechecksums of the confirmation object assigned to the rights object andthe encrypted user data object transmitted to the firsttelecommunications device in the container object.
 30. A method for handling encrypted user data objects as claimed in claim 25, wherein following a successful comparison of the extracted checksum with the re-determined checksum, the method further comprises: requesting description information relating to the content of the encrypted user data object from the data provisioning component; transmitting the requested description information from the data provisioning component to the first telecommunications device; and checking whether the content having the attributes specified in the description information can be used by the first telecommunications device.
 31. A method for handling encrypted user data objects, the method comprising: providing an encrypted user data object in a first telecommunications device; requesting description information relating to content of the encrypted user data object from a data provisioning component; transmitting the requested description information from the data provisioning component to the first telecommunications device; checking whether the content having the attributes specified in the description information can be used by the first telecommunications device; and requesting from the data provisioning component, upon successful checking of the attributes specified in the description information, a confirmation object which is assigned to a rights object assigned to the encrypted user data object in order to check compatibility of the rights object and the encrypted user data object.
 32. A method for handling encrypted user data objects as claimed in claim 31, wherein the rights object is transmitted by the data provisioning component to the first telecommunications device upon successful checking of the compatibility of the rights object and the encrypted user data object.
 33. A method for handling encrypted user data objects as claimed in claim 31, wherein the encrypted user data object is provided in a content section of a container object.
 34. A method for handling encrypted user data objects as claimed in claim 33, wherein the container object further includes a description section in which a checksum of the encrypted user data object is provided.
 35. A method for handling encrypted user data objects as claimed in claim 34, wherein an address of the data provisioning component is also provided in the description section of the container object for purposes of requesting at least one of the description information and the confirmation object.
 36. A method for handling encrypted user data objects as claimed in claim 34, wherein the confirmation object has a checksum of the encrypted user data object, the comparability of the rights object and the encrypted user data object being checked, the checking comprising: extracting the checksum from the confirmation object; and comparing the checksum extracted from the confirmation object with the checksum provided in the description section of the container object so that, should the two checksums tally, the compatibility of the rights object assigned to the confirmation object and the encrypted user data object provided in the container object transmitted to the first telecommunications device may be concluded.
 37. A method for handling encrypted user data objects as claimed in claim 25, wherein at least one of: a first confirmation message is sent by the first telecommunications device to the data provisioning component if the compatibility of the rights object assigned to the confirmation object and the encrypted user data object transmitted to the first telecommunications device in the container object has been established; and a second confirmation message is sent if the first telecommunications device has received the rights object from the data provisioning component.
 38. A method for handling encrypted user data objects as claimed in claim 28, further comprising transmitting charging information relating to the transmitted rights object to a telecommunications subscriber assigned to the first telecommunications device.
 39. A method for handling encrypted user data objects as claimed in claim 25, wherein the checksum is a hash value calculated according to a hash algorithm.
 40. A method for handling encrypted user data objects as claimed in claim 27, wherein at least one of the first telecommunications device and the at least one further telecommunications device are part of a first telecommunications mobile radio network.
 41. A method for handling encrypted user data objects as claimed in claim 25, wherein the data provisioning component is part of a second telecommunications network.
 42. A method for handling encrypted user data objects as claimed in claim 27, wherein at least one of the first telecommunications device and the at least one further telecommunications device include a radio module.
 43. A method for handling encrypted user data objects as claimed in claim 42, wherein the radio module is one of a mobile phone, a cordless telephone and a portable computer.
 44. A method for handling encrypted user data objects as claimed in claim 27, wherein data is transmitted between the first telecommunications device and the at least one further telecommunications device via WAP protocols.
 45. A method for handling encrypted user data objects as claimed in claim 27, wherein data is transmitted between the first telecommunications device and the at least one further telecommunications device via Internet protocols.
 46. A method for handling encrypted user data objects as claimed in claim 45, wherein the Internet protocol is Hypertext Transfer protocol.
 47. A method for handling encrypted user data objects as claimed in claim 25, wherein the user data objects include at least one of text information, audio information, video information, executable programs and software modules.
 48. A telecommunications system for handling encrypted user data objects, comprising: a data provisioning system having at least one data provisioning component; and at least one first telecommunications device; wherein a rights object is generated for an encrypted user data object by the data provisioning component, the rights object having assignment information for assigning the rights object to a container object having an encrypted user data object, decryption information for decrypting the encrypted user data object, and rights information for describing usage rights of the encrypted user data object; wherein a confirmation object assigned to the rights object is generated by the data provisioning component, the confirmation object having assignment information for assigning the rights object to an encrypted user data object and the checksum of the encrypted user data object; wherein a container object is transmitted to the first telecommunications device, the container object having a content section in which an encrypted user data object is provided, and a description section in which a determined checksum of the encrypted user data object is provided; wherein the checksum is extracted from the description section of the container object; wherein the checksum of the encrypted user data object provided in the content section of the container object is re-determined; wherein the extracted checksum is compared with the re-determined checksum so that, should the two checksums tally, an error-free transmission of the encrypted user data object may be concluded; wherein the first telecommunication device requests the confirmation object assigned to the rights object to be transmitted to the first telecommunications device; wherein the confirmation object is transmitted from the data provisioning component to the first telecommunications device; wherein the checksum from the confirmation object is extracted; and wherein the checksum extracted from the confirmation object is compared with the re-determined checksum so that, should the two checksums tally, compatibility of the rights object assigned to the confirmation object and the encrypted user data object transmitted to the first telecommunications device in the container object may be concluded.
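The two checksum comparisons recited in claim 48 (extracted versus re-determined, then confirmation object versus re-determined) can be sketched as follows. This is an added example, not code from the patent: the byte layout of the container, the dictionary form of the confirmation object, the function names and the choice of SHA-256 are all assumptions, and the sample data is constructed.

```python
import hashlib
import hmac
import struct

DIGEST_LEN = hashlib.sha256().digest_size  # SHA-256 is an assumption; claim 39 only says "hash"

def checksum(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_container(encrypted: bytes, address: str) -> bytes:
    # Hypothetical layout: [desc_len:2][checksum][address] + content section
    desc = checksum(encrypted) + address.encode()
    return struct.pack(">H", len(desc)) + desc + encrypted

def parse_container(blob: bytes):
    """Split a container into (extracted checksum, address, content section)."""
    if len(blob) < 2:
        raise ValueError("truncated container")
    (desc_len,) = struct.unpack(">H", blob[:2])
    if desc_len < DIGEST_LEN or len(blob) < 2 + desc_len:
        raise ValueError("malformed description section")
    desc = blob[2:2 + desc_len]
    return desc[:DIGEST_LEN], desc[DIGEST_LEN:].decode(), blob[2 + desc_len:]

def check_container(blob: bytes) -> bytes:
    """Compare extracted and re-determined checksum; return the latter."""
    extracted, _address, content = parse_container(blob)
    redetermined = checksum(content)
    if not hmac.compare_digest(extracted, redetermined):
        raise ValueError("checksum mismatch: content differs from what was packaged")
    return redetermined

def rights_object_compatible(confirmation: dict, blob: bytes) -> bool:
    """Compare the confirmation object's checksum with the re-determined one."""
    return hmac.compare_digest(confirmation["checksum"], check_container(blob))

# Constructed sample data (not from the page).
ENCRYPTED = bytes(range(64))  # stand-in for an encrypted user data object
CONTAINER = build_container(ENCRYPTED, "http://provisioning.example/ro")
CONFIRMATION = {"rights_object_id": "ro-1", "checksum": checksum(ENCRYPTED)}

if __name__ == "__main__":
    print(rights_object_compatible(CONFIRMATION, CONTAINER))
```

An unkeyed hash supports the conclusion the claims draw, error-free transmission and a match between rights object and content; it does not authenticate the container, because anyone who alters the content section can recompute the checksum stored beside it.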